Getting everything out of your security headers

Once you have installed Really Simple SSL pro, quite a number of new options become available to you. We recommend starting at Settings -> SSL & Security -> Settings (in the top menu bar) and working your way down through the available options, enabling the settings you want. This includes all of the Recommended Security Headers as well.

We sometimes get the question: “Which headers should I enable, and why aren’t they all enabled by default?”. Enabling every header by default is not always possible. The Content Security Policy, for example, is a header that has to be tailored to the requirements of a specific website. We have made this as easy as possible with Learning Mode, which handles the detection of resources automatically, but ultimately you have to decide whether a specific URL should be allowed by the Content Security Policy or not.
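The following is an added example, not Really Simple SSL's code and not a description of how Learning Mode is implemented: it shows why a Content Security Policy needs a per-site decision by grouping detected resources per directive and emitting only the sources an administrator approved. The report shape follows the browser `csp-report` JSON body; the sample reports, function names and approved list are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample reports in the browser "csp-report" JSON shape (not real site data).
SAMPLE_REPORTS = [
    {"csp-report": {"effective-directive": "script-src",
                    "blocked-uri": "https://cdn.example.com/lib/app.js"}},
    {"csp-report": {"violated-directive": "script-src 'self'",
                    "blocked-uri": "https://cdn.example.com/lib/other.js"}},
    {"csp-report": {"effective-directive": "img-src",
                    "blocked-uri": "https://images.example.net/logo.png"}},
    {"csp-report": {"effective-directive": "script-src",
                    "blocked-uri": "https://tracker.example.org/t.js"}},
    {"csp-report": {"effective-directive": "script-src", "blocked-uri": "inline"}},
    {"csp-report": {"effective-directive": "style-src",
                    "blocked-uri": "https://fonts.example.com/css?family=x"}},
]

def source_of(blocked_uri):
    """Reduce a blocked URI to scheme://host[:port]; None for keywords such as 'inline'."""
    parts = urlsplit(blocked_uri)
    if parts.scheme in ("http", "https") and parts.hostname:
        origin = f"{parts.scheme}://{parts.hostname}"
        return f"{origin}:{parts.port}" if parts.port else origin
    return None

def collect(reports):
    """Group the detected external sources by the directive that reported them."""
    found = {}
    for report in reports:
        body = report.get("csp-report", {})
        # Older reports carry the full directive text; keep only its name.
        directive = (body.get("effective-directive")
                     or body.get("violated-directive", "").split(" ")[0])
        src = source_of(body.get("blocked-uri", ""))
        if directive and src:
            found.setdefault(directive, set()).add(src)
    return found

def build_policy(found, approved):
    """Build the header value: 'self' plus only the sources the administrator approved."""
    directives = ["default-src 'self'"]
    for directive in sorted(found):
        allowed = sorted(s for s in found[directive] if s in approved)
        directives.append(" ".join([directive, "'self'", *allowed]))
    return "; ".join(directives)

if __name__ == "__main__":
    detected = collect(SAMPLE_REPORTS)
    approved = {"https://cdn.example.com", "https://images.example.net"}  # admin decision
    print("Content-Security-Policy:", build_policy(detected, approved))
```

Sources that were detected but not approved, such as the tracker and font hosts in the sample, stay out of the policy and remain blocked.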

In this security headers article we discuss each header and have given it a “recommended” or “advanced” flag. If you’re not very experienced, you can still enable these without having to configure a lot of settings. Just enable the switch for a specific Security Header in the Really Simple SSL settings (under Recommended Security Headers), and you’re done!
